While perusing /r/netsecstudents, it seems that every other day there is a thread asking for advice on how to break into the InfoSec world and where to start studying.
As helpful as the responses are, they tend to vary widely and are dependent on who can be bothered replying with the same answer each and every time.

As such, I thought I’d post up a rough guide for beginning your adventures should you be a newbie looking to move into information security (primarily pentesting, bounty hunting, and red teaming). This is by no means comprehensive and is simply based off my own experiences. It’s also incredibly video heavy, so that’s something I guess.

Everything you do will be based off networking fundamentals and as much as it sucks, the old adage of “You have to walk before you can run” really does apply.

Feel free to jump around the list. If something is draining your soul, move on and come back. Seriously, until you get to the OSCP stage in this list it can be crushingly boring and if your mind starts to wander you will begin glazing over and miss something pretty important.

The greatest lesson you can take from dealing with the fundamentals is developing patience and learning to manage frustration. If you cannot learn to control apocalyptic levels of frustration, then it’s probably not advisable to read any further because this whole industry feeds on frustration; it’s basically a kink.

I am currently a Managing Security Consultant for a small spearhead team in a global corporation. We perform red teaming, phishing training, pentests, vuln scanning, breach assessments, and baseline security assessments. I come from a healthcare IT and applications background and teach people how to go fast on motorbikes on the side.

*Word of caution: Be aware that a large majority of people who move into this industry come with at least 5 years' experience in other IT fields (often more) and without being a downer, you’ll probably never out-dance an ex dev; those dudes turn into raid bosses.
While there are plenty of young guns straight out of uni and some naturally talented freaks in their teens doing this, it is an industry that heavily benefits those with career and life experience. It requires a constant desire to learn and significant mental fortitude.

Linux Essentials Playlist: An understanding of Linux, and comfort using it, is a must. Install a VM or dual boot it; using it every day is the quickest way to learn. It’s pretty alien if all you’ve known is Windows, but boy is it beautifully efficient and simple once you understand it.
You can use the Linux Newbie Guide to quickly help you find or remember commands; bookmark it and then forget about it for years like I did.

Windows SysAdmin Essentials (suggested by LonerVamp): This is a Lynda course which requires a membership, or you can try it for free. Well worth investing a month’s sub to go through it.
This course focuses on Server 2012, though it’d be worth browsing other material.
Server 2008 is a common find in the real world, and unfortunately 2003 is all too common as well, so try to become familiar with them all. Server environments are different beasts to everyday desktops.

Additionally, the Microsoft Video Courses ‘Windows Server Administration’ series are extremely well done, and you feel like you’re watching a sports show.

Courses:

At this stage you would be more than comfortable beginning your OSCP (Offensive Security Certified Professional) adventures. If you’re not feeling it, jump down to VulnHub and HackTheBox to get a bit more ready for free.
The OSCP is one of (if not the) best certifications out there and is a baptism by fire approach. You will receive detailed course material and VPN access to a virtual lab filled with machines you can learn to hack.
Lab access is from 15 to 90 days, with the ability to extend as much as you want so long as you have the dosh.
At the end is a 24 hour exam.

In the event you cannot afford to sign up for the OSCP yet (or you just want more stuff) then see below for a DIY approach.

Oh, and download Kali Linux here. *Don’t run Kali as your daily OS, it’s not designed for that and makes you look like a skiddy.

Cybrary Courses: Cybrary is a wonderful platform filled with a plethora of courses for the aspiring <insert role>. It’s free, and you can get little certification pictures to put on your LinkedIn. Neat. They’re not overly weighty when it comes to resumes but they do show a commitment to learning which is taken into consideration.

Hacksplaining is a free to use site with expertly crafted mini courses on all the fundamentals of web application hacking. You can chew through the whole site in an afternoon and it will greatly improve your understanding of website attack concepts.

PentesterLab is another site with short, self-contained lessons, both free and subscription based. There are badges to complete which can also be displayed on your LinkedIn.

HackTheBox is a free to use virtual lab where you can practice your hacking skills. The only caveat is you have to hack your own invite code. There are videos and guides all over the net on how to do this, but I implore you, DON’T CHEAT. Get the code yourself, it’s not too hard and you will gain a tremendous amount of satisfaction from it. Also, if you can’t get the code, you sure as hell won’t get any of the boxes inside.

HTB is definitely one of my favourites on this list; they have a good sized admin team with continuous development, a stream of new community made vuln boxes to play with that rotate in, retired boxes available to VIPs, and professional labs. The VIP memberships are well worth it as you get placed on a much smaller VLAN which avoids the hassle of other people hitting the same box as you.

Practical Pentest Labs is another virtual lab environment to practice hacking. I have not personally played in here yet, but I’ve heard good things so far.

Coding
A lot of people ask what is a good first language to learn, and without a doubt, one of the most handy to have in security is Python. Practice Python takes you from a complete and utter novice to a hardcore Python programmer. Seriously, I suck at coding and always have. This site was the FIRST thing that has ever got me to understand a programming language, and I can even write baby scripts to do things I’m too lazy to do now. I cannot recommend this site highly enough.

PHP is another must have language as it is extremely common when dealing with web content.

VulnHub is a user-driven site filled with virtual machines to try and hack. You download them and host them yourself, then battle away. They range from easy to bananas. Check out beginner ones first and definitely look up Metasploitable.

OverTheWire is a site for war games where you move through levels designed to encourage skill growth and self-learning. This was suggested by reader (Leithreas), and I have since gone and completed the ‘Bandit’ challenges, which were a tremendous amount of fun.
The learning process is very similar to ‘Practice Python’ and gives a lot of insight into messing around in Linux.
I did notice the difficulty has certain spikes and is not necessarily linear, but the knowledge gained is invaluable.

Books
If you enjoy reading or want to start building your collection, then a good start is anything from the list below. Obviously, there’s a tremendous (DT) amount of books to recommend, but I can’t remember them all so here’s a few. Be aware that the RTFM and BTFM won’t exactly “teach” anything, but are just excellent command reference books to have on hand.

RTFM – Red Team Field Manual

BTFM – Blue Team Field Manual

Violent Python

Nmap Network Scanning (only for those who chew through books like candy)

If you don’t already follow certain blogs, then you’ll soon realise just how valuable random people posting stuff can be. Often you can find answers to anything you need on a blog or a forum post.
As such, the following are some good starter pages to bookmark and reference as you go.

g0tmi1k is a very well known figure in the industry, and has mountains of invaluable information and cheat sheets for beginners and advanced testers alike.

Active Directory Security focuses on AD & Enterprise Security, securing methods, attack and defence tactics, along with a slew of notes and trivia.

Security Sift: Not updated for some time now, but still contains valuable information relating to breaches, exploits, and a multitude of other security-related topics.